Re: Recognizing superuser in pg_hba.conf

Vik Fearing <vik.fearing@2ndquadrant.com> writes:
> It can sometimes be useful to match against a superuser in pg_hba.conf.

Seems like a reasonable desire.

> Adding another keyword can break backwards compatibility, of course.  So
> that is an issue that needs to be discussed, but I don't imagine too
> many people are using role names "superuser" and "nonsuperuser". Those
> who are will have to quote them.

I'm not very happy about the continuing creep of pseudo-reserved database
and user names in pg_hba.conf.  I wish we'd adjust the notation so that
these keywords are syntactically distinct from ordinary names.  Given
the precedent that "+" and "@" prefixes change what an identifier means,
maybe we could use "*" or some other punctuation character as a keyword
prefix?  We'd have to give grandfather exceptions to the existing
keywords, at least for a while, but we could say that new ones won't be
recognized without the prefix.

            regards, tom lane